#!/usr/bin/env bash

set -o nounset -o errexit -o pipefail -o xtrace

coredns_image="{KUBELET_COREDNS_IMAGE:-/nix/store/1crdy15nv25jpbvknrzyhg6khv9ikhl9-docker-image-coredns-coredns-1.7.1.tar}"
pause_image="${KUBELET_PAUSE_IMAGE:-/nix/store/xjlwhyqjhx0j2sc41wfpsw1zvhn98vh5-docker-image-pause.tar.gz}"

LINUX_MODULE_DIRECTORY=/run/booted-system/kernel/lib/modules
export LINUX_MODULE_DIRECTORY

if [[ -e /proc/drbd ]]
then
    printf "DEBUG: '/proc/drbd' file already exist.\n" 2>&1
else
    if [[ -e "${LINUX_MODULE_DIRECTORY}/*/extra/drbd9.ko.gz" ]]
    then
        modprobe drbd9
    else
        printf "DEBUG: 'drbd9.ko.gz' file not found.\n" 2>&1
    fi
fi

if [[ $(ctr --namespace k8s.io images list) == *docker.io/coredns/coredns:1.7.1* ]]
then
    :
else
    cat "$cordns_image" | ctr -n k8s.io image import --all-platforms -
fi

if [[ $(ctr --namespace k8s.io images list) == *docker.io/library/pause:latest* ]]
then
    :
else
    zcat "$pause_image" | ctr -n k8s.io image import --all-platforms -
fi

if mountpoint --quiet /sys/fs/bpf
then
    :
else
    mount -o rw,nosuid,nodev,noexec,relatime,mode=700 -t bpf none /sys/fs/bpf
    mount --make-shared /sys/fs/bpf
fi

if [[ -d /var/hpvolumes ]]
then
    if mountpoint --quiet /var/hpvolumes
    then
        :
    else
        mount --bind /var/hpvolumes /var/hpvolumes
        mount --make-shared /var/hpvolumes
    fi
fi

(
    until mountpoint --quiet /run/cilium/cgroupv2
    do
        sleep 5
    done

    if grep --quiet 'cilium.*shared' /proc/$$/mountinfo
    then
        :
    else
        mount --make-shared /run/cilium/cgroupv2
    fi

    # Required for node-exporter in a "monitoring" namespace.
    if grep --quiet '/ / .*shared' /proc/$$/mountinfo
    then
        :
    else
        mount --make-shared /
    fi
) &

# Add rlimits to service file by crosbymichael · Pull Request #1846
# https://github.com/containerd/containerd/pull/1846
containerd_pid="$(cat /run/containerd/containerd.pid)"
prlimit --pid "$containerd_pid" --nofile=1048576:1048576
prlimit --pid "$containerd_pid" --nproc=unlimited

kubelet \
    --address=192.168.154.1 \
    --authentication-token-webhook \
    --authentication-token-webhook-cache-ttl=10s \
    --authorization-mode=Webhook \
    --client-ca-file=/etc/kubernetes/pki/ca.pem \
    --cluster-dns=10.8.255.254 \
    --cluster-domain=cluster.local \
    --hairpin-mode=hairpin-veth \
    --healthz-bind-address=127.0.0.1 \
    --healthz-port=10248 \
    --hostname-override=kube1 \
    --kubeconfig=/home/oleg/.local/share/chezmoi/dotfiles/kubernetes/kubeconfig \
    --pod-infra-container-image=pause \
    --port=10250 \
    --register-node=true \
    --register-with-taints=unschedulable=true:NoSchedule \
    --root-dir=/var/lib/kubelet \
    --tls-cert-file=/etc/kubernetes/pki/kubelet-client-kube1.pem \
    --tls-private-key-file=/etc/kubernetes/pki/kubelet-client-kube1-key.pem \
    --container-runtime=remote \
    --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
    --fail-swap-on=false \
    --pod-manifest-path=/etc/kubernetes/manifests
